home *** CD-ROM | disk | FTP | other *** search
/ Personal Computer World 2007 September / PCWSEP07.iso / Software / Linux / Linux Mint 3.0 Light / LinuxMint-3.0-Light.iso / casper / filesystem.squashfs / var / lib / dpkg / info / ca-certificates.config < prev    next >
Encoding:
Text File  |  2006-11-08  |  8.6 KB  |  170 lines
  1. #!/bin/sh
  2. # $1 = action ('configure' or 'reconfigure')
  3. # $2 = current-installed-version
  4. set -e
  5.  
  6. action="$1"
  7. cur_version="$2"
  8. this_version='20061027'
  9.  
  10. if test -f /etc/ca-certificates.conf; then
  11.   CERTSCONF=/etc/ca-certificates.conf
  12. else
  13.   CERTSCONF=/dev/null
  14. fi
  15.  
  16. # CERTS_DISABLED: certs that user dont trust
  17. CERTS_DISABLED=$(sed -ne 's/^!\(.*\)/\1/p' $CERTSCONF)
  18.  
  19. # CERTS_TRUST: certs that user already trust
  20. CERTS_TRUST=$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF)
  21.  
  22.  
  23. # CERTS_AVAILABLE: certs that user can choices
  24. CERTS_AVAILABLE=""
  25.  
  26. # CERTS_ENABLED: certs that user already trusted
  27. CERTS_ENABLED=""
  28.  
  29. # CERTS_LIST: certs that will be installed
  30. CERTS_LIST="spi-inc.org/SPI_CA_2006-cacert.crt, spi-inc.org/spi-ca.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/IPS_CLASE1_root.crt, mozilla/IPS_CLASE3_root.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/IPS_Servidores_root.crt, mozilla/IPS_Timestamping_root.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/UTN_USERFirst_Object_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_1_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_OCSP_Responder.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Secure_Server_OCSP_Responder.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, cacert.org/cacert.org.crt, brasil.gov.br/brasil.gov.br.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt"
  31.  
  32. # CERTS_NEW: new certificates that will be installed
  33. CERTS_NEW=""
  34.  
  35. members()
  36. {
  37.   echo "$1" | tr ',' '\n' | sed -e 's/^[[:space:]]*//' | while read ca
  38.   do
  39.     if echo "$2" | grep -q "$ca" > /dev/null 2>&1; then
  40.       echo match
  41.     fi
  42.   done | grep -q match
  43. }
  44.  
  45. . /usr/share/debconf/confmodule || exit
  46. db_version 2.0
  47. db_capb multiselect
  48.  
  49. db_title "ca-certificates configuration"
  50. db_input medium ca-certificates/trust_new_crts || true
  51. db_go
  52.  
  53. trust_new="yes"
  54. if db_get ca-certificates/trust_new_crts; then
  55.   trust_new="$RET"
  56. fi
  57.  
  58. seen=false
  59. if db_fget ca-certificates/enable_crts seen; then
  60.   seen="$RET"
  61. fi
  62. # XXX: in case reconfigure, force to select all available certificates
  63. if test "$action" = "reconfigure" || test "$DEBCONF_RECONFIGURE" = "1"; then
  64.   seen=false
  65.   trust_new=no
  66. fi
  67.  
  68. if test -d /usr/share/ca-certificates; then
  69.   cd /usr/share/ca-certificates
  70.   crts=$( (find . -type f -name '*.crt' -print | sed -e 's/^\.\///'; \
  71.            echo "$CERTS_LIST" | tr ',' '\n' | sed -e 's/^[[:space:]]*//') | \
  72.            sort | uniq)
  73.   for crt in $crts
  74.   do
  75.    if test "$CERTS_AVAILABLE" = ""; then
  76.      CERTS_AVAILABLE="$crt"
  77.    else
  78.      CERTS_AVAILABLE="$CERTS_AVAILABLE, $crt"
  79.    fi
  80.    if echo "$CERTS_DISABLED" | grep -F -q -x "$crt" > /dev/null 2>&1; then
  81.      : # echo "I: ignore $crt"
  82.    elif echo "$CERTS_TRUST" | grep -F -q -x "$crt" > /dev/null 2>&1; then
  83.      # already trusted
  84.      if test "$CERTS_ENABLED" = ""; then
  85.        CERTS_ENABLED="$crt"
  86.      else
  87.        CERTS_ENABLED="$CERTS_ENABLED, $crt"
  88.      fi
  89.    else
  90.      # new certs?
  91.      if test "$trust_new" = "yes"; then
  92.        if test "$CERTS_ENABLED" = ""; then
  93.           CERTS_ENABLED="$crt"
  94.        else
  95.           CERTS_ENABLED="$CERTS_ENABLED, $crt"
  96.        fi
  97.      elif test "$trust_new" = "ask"; then
  98.        if test "$CERTS_NEW" = ""; then
  99.           CERTS_NEW="$crt"
  100.        else
  101.           CERTS_NEW="$CERTS_NEW, $crt"
  102.        fi
  103.      else
  104.      : # trust_new=no, default disabled
  105.      fi
  106.    fi
  107.   done
  108. else
  109.   # initial installation
  110.   CERTS_AVAILABLE="$CERTS_LIST"
  111.   CERTS_ENABLED="$CERTS_AVAILABLE"
  112.   # XXX: ca-certificates/enable_crts should be used, so no need to ask new
  113.   #     in this session
  114.   trust_new="yes"
  115.   CERTS_NEW=""
  116. fi
  117.  
  118. enable_crts=""
  119. if db_get ca-certificates/enable_crts; then
  120.  enable_crts="$RET"
  121. fi
  122.  
  123. new_seen=false
  124. if dpkg --compare-versions "$cur_version" lt 20040808; then
  125.   db_fset ca-certificates/new_crts seen false
  126. fi
  127. if db_fget ca-certificates/new_crts seen; then
  128.   new_seen="$RET"
  129. fi
  130. if members "$CERTS_NEW" "$enable_crts"; then
  131.     # already selected new_crts?
  132.     new_seen=true
  133. fi
  134. db_subst ca-certificates/new_crts new_crts "$CERTS_NEW"
  135.  
  136. if test "$trust_new" = "ask" && test "$new_seen" = "true"; then
  137.  # XXX: run this again in postinst
  138.  CERTS_ENABLED="$enable_crts"
  139. fi
  140.  
  141. if test "$trust_new" = "ask" && test "$CERTS_NEW" != "" && test "$new_seen" = "false"; then
  142.   # New certificates added
  143.   db_fset ca-certificates/new_crts seen false
  144.   db_title "ca-certificates configuration"
  145.   db_input critical ca-certificates/new_crts || true
  146.   db_go
  147.   
  148.   if db_get ca-certificates/new_crts; then
  149.      if test "$CERTS_ENABLED" = ""; then
  150.         CERTS_ENABLED="$RET"
  151.      else
  152.         CERTS_ENABLED="$CERTS_ENABLED, $RET"
  153.      fi
  154.   fi
  155.   # XXX: old certificates keep current state?
  156.   seen=true
  157. fi
  158. # mark seen true, so that dont ask again while postinst 
  159. db_fset ca-certificates/new_crts seen true
  160.  
  161. db_set ca-certificates/enable_crts "$CERTS_ENABLED"
  162. db_subst ca-certificates/enable_crts enable_crts "$CERTS_AVAILABLE"
  163. if test "$seen" != true; then
  164.  db_fset ca-certificates/enable_crts seen false
  165. fi
  166. db_title "ca-certificates configuration"
  167. db_input low ca-certificates/enable_crts || true
  168. db_go
  169. exit 0
  170.